A visual security multi-key selection image encryption algorithm based on a new four-dimensional chaos and compressed sensing

In this article, a visual security image encryption algorithm based on compressed sensing is proposed. The algorithm consists of two stages: the compression and encryption stage and the embedding stage. The key streams in the compression and encryption stage are generated by a newly constructed four-dimensional discrete chaotic map, while the Gaussian measurement matrix is generated by a Chebyshev map, and both of their generations are related to the feature code of the carrier image, which enhances the security of the ciphertext. In the compression and encryption stage, a scrambling-cyclic shift-diffusion encryption structure is adopted for the compressed image in which the shift number in the cyclic shift stage and the diffusion key streams are dynamically changed according to each pixel value, so the algorithm can resist chosen plaintext attack. In the embedding stage, the carrier image is first subjected to integer wavelet transform to obtain the high-frequency and low-frequency components of the image, and then the intermediate ciphertext information is embedded into its high-frequency components. Finally, the carrier image is subjected to inverse integer wavelet transform to obtain a visually secure ciphertext image. The experimental results and security analysis indicate that the encryption scheme has a large key space, high decryption key sensitivity, similar histogram distribution between the carrier image and the visual security ciphertext image, and good robustness to noise attacks.

image.In reference 2,3 , the plaintext image was pre encrypted into a ciphertext image, and then the ciphertext image was embedded into the carrier image to obtain a visually secure ciphertext image.Although these algorithms can achieve visual security, the size of ciphertext is too large, which is four times the size of plaintext images, seriously increasing the burden of storage space and transmission bandwidth.If the encrypted image can be further compressed before transmission, it can not only improve transmission efficiency, but also be more suitable for bandwidth limited transmission channels.Fortunately, the emergence of compressive sensing (CS) has made it possible to perform both compression and encryption simultaneously.Since the proposal of compressive sensing in 2006, many scholars have combined chaotic systems with compressive sensing to design many image encryption algorithms [4][5][6][7][8][9][10] , as well as some visual security encryption algorithms [11][12][13][14] .For example, in reference 11 , Chai et al. designed a single grayscale visual security image encryption algorithm using CS and chaotic systems, ensuring that the ciphertext image is the same size as the plaintext image, and the algorithm is related to the hash value of the plaintext image, effectively resisting chosen (known) plaintext attacks.In reference 13 , an efficient and robust meaningful image encryption (MIE) scheme was proposed by combining block compression sensing (BCS) and singular value decomposition (SVD) embedding.Yuan di Shi et al. proposed a visual security image encryption scheme based on adaptive block compression sensing and non negative matrix decomposition 14 , in which experimental results show that this scheme can balance the security of image information transmission and the integrity of received ciphertext and has good resistance to various attacks.Zhou et al. 15 proposed an efficient image compression and encryption scheme based on hyperchaotic systems and two-dimensional compression sensing, in which , the plaintext image is compressed and encrypted simultaneously using measurement matrices in both directions.Then, the obtained ciphertext image was subjected to a cyclic shift operation method controlled by the hyperchaotic system, which can effectively change pixel values.These proposed encryption algorithms reduced data transmission volume, greatly improved the transmission efficiency.
In references [1][2][3]11 , ciphertexts were directly embedded into the carrier image, which directly leads to a too concentrated pixel value distribution in the ciphertext image and poor security. Fo a good encryption algorithm, we prefer to obtain a uniform pixel value distribution in the ciphertext image, which can increase the security of the algorithm.Due to the low correlation between algorithms and plaintext, many encryption algorithms have been cracked [16][17][18][19][20][21] .Therefore, effective information from plaintext images should be utilized to design image encryption algorithms to improve the security of the algorithms.At present, most image encryption algorithms adopt information related to plaintext images, such as pixel average 22 , hash value 11 , information entropy 23 , to design keys to increase the connection between the algorithm and plaintext and improve the algorithm's resistance to chosen plaintext attacks.However, during decryption, it is necessary to transmit these parameters related to plaintext information to the receiver.When encrypting a large number of images at the same time, an additional amount of information needs to be transmitted, which will cause serious transmission burden.In addition, once these parameters are stolen by hackers during the transmission process, they are likely to crack plaintext images, so these algorithms have certain security risks.
Both high-frequency and low-frequency components can be obtained by performing lifting wavelet transform (LWT) 2 or discrete wavelet transform (DWT) 1,3,11 on the carrier image.However, LWT and DWT transformations are not completely reversible, which leads to energy loss when performing inverse operations on carrier images embedded with the intermediate ciphertext information, so the extracted information during decryption differs from the embedded data, resulting in poor quality of reconstructed images.Therefore, it is urgent to find a better wavelet transform that can achieve complete reversibility without energy loss when performing inverse operations on carrier images.
Therefore, in order to solve the above problems, this article proposes a new visual secure image encryption algorithm, which has the following advantages: 1. Design a method for extracting carrier image feature codes, which are robust and unique.2. The initial values of the chaotic system are set to be related to the feature code of the carrier image, so the key streams generated by the chaotic system are related to the carrier image.When decrypting, due to the robustness of the feature code, the receiver only needs to directly extract the feature code of the received ciphertext image, without the need to transmit the feature code of the carrier image separately.3.In the encryption phase, an image encryption algorithm with dynamic key selection mechanism was adopted.
According to the different pixel positions, different random sequences are selected for encryption to further ensure the algorithm's resistance to plaintext/ciphertext attacks 4. In the embedding stage, integer wavelet transform (IWT) is applied to the carrier image to solve the problem of energy loss during the reconstruction of discrete wavelet transform and lifting wavelet transform.
In addition, the highlights of this paper also include the following two points: 1.A four-dimensional discrete chaotic map was constructed based on Marotto's theorem and it was theoretically proved that the map is chaotic in in the Li Yorke sense.2. A method for constructing a Gaussian measurement matrix based on chaotic mapping is proposed, which can quickly and massively generate a Gaussian measurement matrix.The generated Gaussian measurement matrix can be conveniently applied in compressed sensing.

Preliminary knowledge
The basic technologies used in encryption systems are introduced to lay the groundwork for designing encryption algorithms.

Visual security encryption technology
Visual security encryption technology is also known as Visual Cryptography.It is an information hiding technique that allows secret information to be visually hidden in images, so that only people with specific keys can interpret the hidden information, while others cannot detect the existence of the information.The usefulness of visual cryptography lies in its provision of a simple and effective method to protect information from unauthorized access.Compared with traditional encryption techniques, visual cryptography does not require complex algorithms or computing power, but relies on patterns and color changes that are difficult for the human eye to recognize to achieve information hiding.Here are some examples of visual cryptography and their application scenarios.
(1) Secret image transmission: Important images or files can be converted into seemingly ordinary images and sent via email or social media without attracting the attention of third parties.It can be used for the covert transmission of sensitive information, such as military communication, trade secret protection, etc. (2) Data privacy protection: Companies or individuals can use visual cryptography technology to protect their private images or data, such as hiding identity documents, credit card information, etc. in seemingly harmless images.It can prevent personal information leakage and increase data security.(3) Digital watermarking: Embedding invisible marks in digital media (such as images, videos, audio), which can be copyright information, owner identity, etc.This can be used for copyright protection and piracy tracking to ensure the security of intellectual property.(4) Security certification: Print specific visual patterns on documents or product packaging that may appear random to the naked eye, but can be verified for authenticity through specific decoding methods.This can be used for anti-counterfeiting identification, such as anti-counterfeiting labels for banknotes, passports, branded goods, etc. (5) Access Control: Use visual passwords to generate a card or label containing secret information, and only personnel who know the decoding method can obtain access permissions.This can be used for physical and logical access control systems, such as access control systems, computer login, etc.

The construction of a new four dimensional discrete chaotic map
In this chapter, a new four-dimensional discrete chaotic map is constructed based on the Marotto theorem, and a pseudo-random number generator is designed based on this four-dimensional chaotic map.The random sequences used in the plaintext image encryption algorithm in the following chapters are all generated by the random number generator.Theorem 1 Marotto's theorem 24 .
Let z ∈ R n be a fixed point for the mapping f :R n → R n , assuming: (1) f is continuously differentiable in a certain field of z and the absolute values of all eigenvalues of Df(z) are greater than 1, thus there exists a normal number r.And a norm ‖•‖of R n , such that f expands on B r (z) below the norm‖•‖ of R n , where B r (z) is a closed sphere centered on z in space (R n ,‖•‖).
(2) z is a return extension fixed point of f, that is, there exists a point x 0 ∈ B r (z) and a positive integer m, satisfying f m (x 0 ) = z, where B r (z) is a closed sphere centered on z in space (R n ,‖•‖), f is continuously differentiable in a certain fields of x 0 ,x 1 ,…x m-1 and satisfies detDf(x j ) ≠ 0, where x j= f(x j-1 ), (0 ≤ j ≤ m-1).Then the mapping f is chaotic in the Li Yorke sense.
The form of the four dimensional discrete chaotic system constructed based on Theorem 1 is shown in Eq. (1) Among them, the parameters are a = b = 4, c = 3.5, d = 2, t = 4.The sequences generated by this system are chaotic sequences.The following proof shows that the mapping satisfies the Marotto theorem.
Proof Obviously, z = (0,0,0,0) is a fixed point of the mapping (1), and for the mapping (1) with r > 0, it is continuously differentiable on B r (z).The expression of its Jacobian matrix is Df(x).
The maximum Lyapunov exponent of chaotic map (1) calculated using the Wolf method is 0.8976, which also verifies that the map is a chaotic mapping.When the initial value is given as X(0) = {1.7325,0.8367, 1.5872, 0.8632}, Chaotic orbits of the variables of system (1) are shown in Fig. 1.

Design and performance analysis of a pseudorandom number generator based on the chaotic mapping(1)
Firstly, construct a pseudo-random number generator based on this chaotic mapping.Set the initial values x 1 (0), x 2 (0), x 3 (0), x 4 (0) of the chaotic system (1) to generate four chaotic sequences of length l, x t = {x t (k)|k = 1, 2, 3 ,…,l; t = 1, 2, 3, 4} and the sequences x i , x j , x q are used to generate key streams T i,j,q of length l according to Eq. ( 2).Here, i, j, q are not equal to each other, and i, j, q {1, 2, 3, 4}, thus obtaining C 4 3 = 4 different sequences T i. j, q. (i, j, q in ascending order). where , min(X) = min{X(k)|k = 1, 2, ..., l} , max(X) = max{X(k)|k = 1, 2, ..., l} , Round(x) represents taking the integer closest to x.The initial value of a chaotic system serves as the seed of a random number generator, so different initial values of the chaotic mapping (1) result in four different random number sequences T i, j, q .These four random sequences are combined into six pairs of random sequences, as shown in Table 1.Different random sequence pairs from Table 1 are chosen when encrypting pixels at different positions.This is the principle of the key dynamic selection mechanism.
(1) Pseudorandomness detection of SP800-22 (2) , 256 www.nature.com/scientificreports/ The NIST (National Institute of Standards and Technology, USA) SP800-22 is a standard test software package to evaluate the randomness performance of time series 25 .These tests focus on various types of non randomness that may exist in the sequence, some of which can be decomposed into various seed tests.16 test items include frequency test, block frequency test, run test, binary matrix rank test, etc.Before the test, a significance level α is set.It requires multiple groups of sequence (at least 100 groups) to be tested, and the length of each group is 1,000,000 bits.Therefore, the total length of 100 groups of sequences is 100 × 1,000,000 bits.There are two performance indicators, the p-value and pass rate, that are employed to measure the stochastic performance of time series.The default significant level a = 0.01.The confidence interval that is used to test the pass rate is defined as where m is the number of groups of bit sequences.When α = 0.01 and m = 100, the confidence interval is [0.9602, 1.0198], which indicates that the minimum passing rate must be 96%.
To perform randomness detection on the random numbers generated by the pseudo-random number generator.Set the initial values x 1 (0) = 1.7325, x 2 (0) = 0.8367, x 3 (0) = 1.5872, x 4 (0) = 0.8632 to obtain four random sequences T 1,2,3 , T 1,2,4 , T 1,3,4 and T 2,3,4 , each sequence has a length of S. In order to test the randomness of the sequence with NIST software, four sequences T 1,2,3 , T 1,2,4 , T 1,3,4 and T 2,3,4 are connected to obtain a sequence T with a length of 4S, and each element in the sequence is an 8-bit non negative integer.Therefore, the sequence T contains a total of 32S bits.The significance level is set to a = 0.01 and m = 100.Let S = 3,125,000, then T contains a total of 100 × 1,000,000 bits.The 16 indicators test results of NISTSP800-22 are shown in Table 2, in which the respective P value and pass rate are listed.It is worth noting that the item marked with * contains multiple sub items.We listed the result with the lowest p-value corresponding to the lowest pass rate.The P-values in the test results are all greater than a = 0.01 and the minimum passing rate is above 96%, indicating that the randomness of the chaotic sequence meets requirements of SP800-22.
(2) Information entropy and histogram analysis Entropy of a message is used to measure the randomness of the message, which is defined by where p(m i ) denotes the probability of gray level m i.When the sequence {m i } is of equal probability distribution, it has a maximum entropy of 8 bits.The greater the information entropy of a sequence {m i }, the better its randomness.The calculation result shows that the maximum, minimum, and average values of information www.nature.com/scientificreports/entropy in the four sequences T i,j,q are 7.9978 bit, 7.9477 bit, and 7.99965 bit, respectively, while the maximum, minimum, and average values of information entropy in the four sequences S i,j,q are 7.9956 bit, 7.9377 bit, and 7.9935 bit, respectively, all very close to the ideal value.The numerical distribution curves of T 1,2,3 , S 1,2,3 ,are shown in Fig. 2a,b, respectively .It can be seen that the random sequences T 1,2,3 and S 1,2,3 are evenly distributed and have good pseudo randomness.

The generation of feature code for the carrier image based on singular value decomposition (SVD)
In some encryption systems, algorithms are not sensitive to plaintext images and cannot effectively resist chosenplaintext attacks.In some algorithms, the hash value or pixel sum of plaintext images are used as a part of the initial value of the chaotic system, which enhances the security of the encryption system.However, when decrypting, both the initial value of the chaotic system and the hash value of the image are required, which increases the difficulty of key management.So it is not feasible in practical applications.To address this issue, this paper proposes a method of extracting feature code based on singular value decomposition (SVD) for carrier images.
The feature codes must meet the following conditions (1) Robustness: The feature codes of the original carrier image, the image embedded in the intermediate ciphertext, and the attacked ciphertext image must be the same, that is, the extracted feature codes must be robust to certain common attacks (2) Uniqueness: The feature codes should be different for different images.That is to say, a feature code should uniquely correspond to a specific image.
The steps for extracting feature code are as follows: (1) Assuming the carrier image is I of the size M × N , divide I into blocks with the size (m + n) × (m + n), so the number of blocks is (2) SVD decomposition forI k1 and I k2 , respectively as shown in Eqs. ( 4) and ( 5) where U ki ∈ R n×n , V ki ∈ R n×n are all unitary matrices, and U ki U T ki = I , V ki V T ki = I .The superscript T rep- resents a matrix transpose, S ki ∈ R n×n is a diagonal matrix.If the rank of the matrix is r, then the diagonal elements of S ki (i = 1,2) satisfies σ 1 ≥ σ 2 ≥ .... ≥ σ r ≥ 0.

Integer wavelet transform
The pixel values of digital images are represented by positive integers, however, the data obtained from wavelet transform of digital images is no longer integers.The accuracy of binary representation for floating-point numbers is limited, so there may be energy loss when reconstructing the obtained wavelet coefficients.The emergence of integer wavelets perfectly solves this problem.Integer wavelet transform (IWT) and inverse integer wavelet transform (IIWT) are completely reversible, which can achieve integer to integer wavelet transform.Perform IWT operation on image A to obtain low-frequency components A CA and high-frequency components A CH , A CV , and A CD , as shown in Fig. 4. In the embedding stage, the intermediate ciphertext image will be embedded into the high-frequency component of the integer wavelet transform of the carrier image.

Construction of Gaussian measurement matrix in compressed sensing (CS)
Compressed sensing is the process of compressing data while collecting signals, with the aim of collecting as few signals as possible and reconstructing the original signal with high probability 26 .
For an original signal x(x ∈ R n ), assuming its coefficient vector under a set of orthogonal bases ψ is S, the signal can be represented as (8)   Among them, ψ is sparse base or sparse dictionary.S is a vector composed of weighted coefficients, called a sparse representation of x.So the measurement process of signal x can be expressed as (9)   Among them, ψ is the measurement matrix that projects the high-dimensional signal x onto a low dimen- sional space.The signal recovery process involves obtaining S from the measured value y, and then obtaining the original signal x from x = ψs.When the measurement matrix satisfies the finite isometry property(RIP), the signal x can be accurately reconstructed, and commonly used reconstruction algorithms include: matching pursuit (MP), orthogonal matching pursuit (OMP), smooth l 0 norm (SL 0 ) 27 .
In the theory of compressed sensing, signal acquisition, compressed measurement, and reconstruction largely rely on the measurement matrix, so the measurement matrix plays an important role.The Gaussian random measurement matrix has significant randomness, can accurately reconstruct the signal through a small number of measurement values, which is widely used.A Gaussian measurement matrix was constructed based on Chebyshev map, which is defined as (10)   The probability density function of the chaotic sequence generated by Chebyshev map is shown as (11)   (5) www.nature.com/scientificreports/ The detailed construction steps of the Gaussian measurement matrix is as follows.
Step 2: Set two initial values ty, sy = sort(Y 1 ) separately and iterate Chebyshev map to generate two chaotic sequences Y 1 and Y 2 with length L = M × N, respectively.Transform the chaotic sequences Y 1 and Y 2 to obtain two sequences D 1 and D 2 by formulas ( 18) and (19)   As pointed out in 28 , D 1 and D 2 obey the uniform distribution on the interval (0, 1).
Step 3: Using Box-Muller transformation 29 to transform D 1 and D 2 into random sequences Z 1 and Z 2 that obey the standard Gaussian distribution according to formulas (20) and (21).
Then, the transformation of the two sequence Z 1 Z 2 into two matrixs ty, sy = sort(Y 1 ) , and ty, sy = sort(Y 1 ) ,which is the Gauss measurement matrix.But the optimized Gaussian measurement matrix can reduce the influence of signal noise and improve the quality of reconstructed image 30 .
By optimizing ty, sy = sort(Y 1 ) using the same method, we can obtain ty, sy = sort(Y 1 ).Then, the new matrix ty, sy = sort(Y 1 ) and ty, sy = sort(Y 1 ) are the Gaussian measurement matrices that will be used in encryption algorithm.

Encryption algorithm
The proposed encryption scheme consists of two stages.In the first stage, the plaintext image is compressed and encrypted into a ciphertext image, called intermediate ciphertext.In the second stage, the intermediate ciphertext is embeded into the high-frequency part of the integer wavelet transform domain of the carrier image, and then

Compression and encryption algorithm for the plaintext image
In the first stage, the plaintext image is compressed and encrypted into intermediate ciphertext.The algorithm flowchart is shown in Fig. 6.
The detailed steps of the algorithm are as follows:  www.nature.com/scientificreports/ Step 1: Implement two-dimensional discrete wavelet transform (2-D DWT) on the grayscale plaintext image I of the size M × N for sparsity.And set the threshold TS, so that the absolute value of elements in the sparse matrix that are less than TS becomes 0, ultimately,we can obtain the sparse matrix I 1 with the size of M × N.
Step 2: Arrange the chaotic sequence Y 1 generated by the method in Sect.1.6 in ascending order as formula (23).
Among them, ty is a new sequence obtained by arranging Y 1 in ascending order, and sy is also a new sequence formed by the positional index of ty in Y 1 .
Convert the sparse matrix I 1 into a one-dimensional vector I 2 with a length of M * N, and then perform a scrambling operation on I 2 according to sy to obtain I 3. Then convert I 3 into matrix I 4 with the size of M × N. as formula (24).
Step 3: Use the measurement matrixes ψ1 ψ2 to perform bidirectional two-dimensional compressed sensing (2-DCS) on the sparse matrix I 4 obtained in Step 2, as shown in formula ( 25) Step 4: The element values in matrix I 5 are relatively large, and the magnitude can reach 10 3 , the range of element values can be adjusted to [0 255] by the following transformation of ( 26), so I 6 is the compressed image.
where, max and min are the maximum and minimum values of I5 respectively.And round(X) rounds each element of X to the nearest integer.
Step 6: Convert I6 into a one-dimensional vector I7 with a length of l=M1 * N1, perform a cyclic shift operation on I7, and the cyclic shift bits of different pixels are determined based on the value of TP.Then perform diffusion operation to confuse the relationship between ciphertext and plaintext and SP (i) determines the selection of different diffusion key streams from Table 1.
The final cyclic shift formula and ciphertext diffusion formula are the following Eqs.( 29)- (31), resulting in the ciphertext sequence C = {c(1), c(2), c(3), …, c(l)}.Convert C to a matrix with a size of M 1 × N 1 ,to obtain the intermediate ciphertext.
Due to the correlation between the generation of Y 1 , Y 2 and the feature codes of the carrier image, the key streams T P and S P are both related to the carrier image, which further enhances the security of the encryption system.

Embedding compressed ciphertext images into carrier images
Step 1: Implement integer wavelet transform(IWT) on carrier image A with the size of M × N to obtain lowfrequency components A CA and high-frequency components A CH , A CV , and A CD , all of which are (M/2) × (N/2).
Step 2: In order to perfectly embed the ciphertext image C into the carrier image, we set the compression rate CR of the plaintext image to CR = 0.5, so that the size of the ciphertext image C is (M/2) × (N/2).In order to securely embed matrix C into the carrier image, matrices C 1 and C 2 can be obtained according to the formulas (32) and (33).
Step 3: Replace the high-frequency component matrices A CH and A CV with the matrices C 1 and C 2 to obtain the matrices A CH ' and A CV ' .Perform inverse integer wavelet transform on matrices A CA , A CH ' , A CV ' and A CD to obtain matrix A 1 , which is a visually secure ciphertext image, called ciphertext.

Image decryption algorithm
The decryption algorithm is the inverse operation of the encryption algorithm.It consists of two stages: In the first stage, the intermediate ciphertext is extracted from the ciphertext; In the second stage, the plaintext image I is restored from the intermediate ciphertext.

Extracting the intermediate ciphertext from the ciphertext
Step 1: Implement integer wavelet transform (IWT) on the ciphertext A 1 with the size of M × N to obtain lowfrequency components A 1CA and high-frequency components A 1CH , A 1CV , and A 1CD , all of which are (M/2) × (N/2).
Step 2: Extract the information of matrices A 1CH and A 1CV , and record them as C 1 and C 2 respectively.So the intermediate ciphertext image C can be obtained through the formula (34)

Reconstruction of plaintext images from the intermediate ciphertext
Any perfect encryption algorithm should be decrypted by someone with the correct key, that is, the algorithm is reversible.Otherwise, such encryption algorithms are meaningless.The decryption process is the reverse of the encryption process, and the specific steps are as follows: Step 1: The receiver receives the ciphertext image and extracts the feature code SK according to the method in Sect.1.3.Due to the robustness of the feature code, the extracted feature code is exactly the same as the feature code of the original carrier image.
Step 3: According to the given keys, set the initial value of the four-dimensional chaotic system to iterate the hyperchaotic system (1), and generate the key flows in Table 1.
Step 4: Key 1 (i) and Key 2 (i) can be determined by s p (i), thereby I 8 (i) can be decrypted according to the formula (35).Furthermore, I 7 (i) can be decrypted according to Eq. (36).
Step 5: According to the formula (37), recover I 6 from I 7 and convert I 6 to the matrix I 5 of the size M 1 × N 1 Step 6: The OMP algorithm is used to reconstruct the signal I 4 from I 5 according to the measurement matrix ψ− 1 ψ− 2 .
Step 7: Convert I 4 into a one-dimensional vector I 3 with a length of M * N. Use sy to scramble I 3 to obtain I 2 , and then convert I 2 to the matrix I 1 of the size M × N .Finally, perform inverse wavelet transform on I 1 to obtain the final plaintext image I.

Experimental results and performance analysis
Next, the experimental simulation of the encryption algorithm is carried out, and the uniqueness and robustness of the feature codes are further verified through experiments.

Experimental results
Experiments were conducted on a PC configured with an Intel (R) Core (TM) i5-9400F CPU running at 2.90 GHz with 16 GB memory and a Windows 10 64-bit operating system.The above encryption algorithm was implemented using MATLAB R2014a.We choose the image cameraman as the carrier image, and the image rice as the plaintext image, both of which are 256 × 256 in size.As long as the plaintext image is smaller than the carrier image, good hiding effects can be achieved.In the experiment, the parameter settings are as follows: The initial values of the Chebyshev map are set to y ′ 1 (0) = 0.3468y ′ 2 (0) = 0.6821 and the initial values of the new four-dimensional chaos are set to x 1 (0) = 0.9654, x 2 (0) = 0.0546, x 3 (0) = 0.6705, x 4 (0) = 0.5698.Set the threshold TS = 30 for plaintext sparsity and compression rate CR = 0.5.The plaintext image is compressed and encrypted to become an intermediate ciphertext image, with a size of 128 × 128, which is exactly hidden in the carrier image When extracting the feature code of the carrier image, set n = 34, m = 50.Therefore, the length of the obtained feature code FC is 153.The OMP method is adopted in the reconstruction process of CS.The encryption and decryption results are shown in Fig. 7.
From Fig. 7, it can be seen that: (1) Fig. 7a,b are the carrier image and plaintext image, respectively and Fig. 7c is the intermediate ciphertext image.When it is transmitted and stored on the network, it is easily discovered and attacked by hackers, and cannot protect the security of plaintext image data.(2) Fig. 7d is the final grayscale visually secure ciphertext image, which is visually meaningful and will not be considered as a ciphertext image from the appearance.It can effectively hide ciphertext information and has a relatively high level of appearance ( 34) Peak Signal to Noise Ratio (PSNR) is the most common objective method for evaluating the similarity between the ciphertext image and the carrier image 31 .A larger PSNR value indicates a smaller difference between the two images, resulting in relatively high level of appearance security.The calculation formula for PSNR is as shown in formulas (38) and (39).
Among them, M and N represent the number of rows and columns of the image, while X(i, j) and Y (i, j) represent the pixel values of the ciphertext image X and the Carrier image Y at positions (i, j), respectively.Table 3 presents the PSNR values between different carrier images and corresponding visual security ciphertext images, as well as the comparative analysis results with other literature algorithms [32][33][34] .It can be seen that the PSNR values in this algorithm are higher than those of the other three algorithms, indicating that the embedding method has little impact on the carrier image.Therefore, visually, there is almost no difference between the ciphertext image and the carrier image, and the similarity is very high.

Analysis of the effectiveness of carrier image feature codes
The effectiveness analysis of carrier image feature codes mainly includes robustness and uniqueness analysis.Robustness refers to the feature codes of the original carrier image, the visual security ciphertext image feature codes, and the attacked ciphertext image feature codes, all of which must be the same.Uniqueness refers to the fact that the feature codes should be different for different images.Table 4 shows the feature codes of different carrier images and corresponding ciphertext images.From Table 4, it can be seen that (1) the feature codes have uniqueness, and the feature codes of different images are different; (2) The feature code is robust and remains unchanged after being embedded with secret information.
In addition, the feature codes of the ciphertext image can still remain unchanged after being contaminated by various types of noise.In addition, the feature codes of ciphertext images can still remain unchanged after being contaminated by various types of noise.Tables 5, 6 and 7 respectively show that the feature codes extracted from "cameraman" ciphertext images are unchanged after being contaminated by varying degrees of pepper and salt noise (SPN), Gaussian noise (GN), and speckle noise (SN).Similarly, using "Peppers, " "kids, " "ears, " and "trees" as carrier images, the corresponding ciphertext images are obtained by embedding secret information.The feature codes of these ciphertext images remain unchanged even after being contaminated with varying degrees of noise.A secure encryption algorithm should be sensitive to keys in order to resist brute force attacks.The algorithm is sensitive to keys, which means that even if there is a slight difference between the decryption key and the correct key, no information about the plaintext image can be obtained during decryption.Using'trees' image as the plaintext image and 'Peppers' image as the carrier image, the initial values of Chebyshev map are set to y ′ 1 (0) = 0.3468y ′ 2 (0) = 0.6821 and the initial values of the new four-dimensional chaos are set to x 1 (0) = 0.9654, x 2 (0) = 0.0546, x 3 (0) = 0.6705, x 4 (0) = 0.5698, with a threshold of TS = 30.The encryption operation is performed to obtain the ciphertext image, while the decryption results are shown in the Fig. 9 using Keys1~Keys6 in Table 8.
In Fig. 9a-f represent the decryption results with the error keys in Table 8, indicating that no information about the plaintext image can be obtained.This further demonstrates the high sensitivity of the algorithm to keys.

Correlation coefficient analysis
For a natural image, adjacent pixels have strong correlation and redundancy.One of the goals of image encryption is to eliminate this redundancy and reduce the correlation between adjacent pixels.For the plaintext image and ciphertext image to be evaluated, 4000 pixel points are randomly selected as reference points.Based on these points, adjacent pixel points are taken along the horizontal, vertical, and diagonal directions to form pixel pairs.The correlation coefficient values of the plaintext image,the intermediate ciphertext and the ciphertext image in these three directions are calculated by using the correlation coefficient formula (40), and the calculation results are shown in Table 9.
Among them, x i and y i represent the grayscale values of adjacent two pixels, and n represents the number of selected pixel pairs.www.nature.com/scientificreports/It can be seen from Table 9 that: (1) The adjacent pixels of plaintext images, carrier images, and ciphertext images have high correlation in all directions, with strong correlation coefficients greater than 0.9.This indicates that although plaintext information data is embedded into the carrier image, the information of the carrier image is still retained, ensuring the visual security of the obtained ciphertext image.(2) The intermediate ciphertext image has weak correlation between adjacent pixels, and the correlation coefficient has significantly decreased, almost equal to 0.
In addition, Table 10 presents the comparison results of the correlation coefficients of different images calculated by our algorithm and literature [36][37][38] .The comparison results show that the adjacent pixel correlation of the intermediate ciphertext image obtained by our algorithm is small, which is better than these three literatures.
In order to compare the correlation between adjacent pixels of the plaintext image, the intermediate ciphertext image and the ciphertext image more vividly and intuitively, we use Rice as the plaintext image and cameraman as the carrier image to draw the correlation distribution maps of the plaintext image, the intermediate ciphertext image and the ciphertext image in these three directions, as shown in Figs. 10, 11 and 12, respectively.

Information entropy analysis
The more chaotic the image, the less information it provides, resulting in a higher information entropy of the image.The calculation of information entropy is shown in formula (41)  where p(m i ) denotes the probability of gray level m i.Moreover, in this experiment, the variate n is equal to 256 and the ideal E value is 8.Under the conditions that the embedding stage is remove and the compression rate is set to 0.25, The information entropy calculation results of the plaintext image "cameraman", the carrier image "autumn", the intermediate ciphertext image, and the ciphertext image are shown in Table 11.It can be seen that the entropy value of the intermediate ciphertext image in the fourth column is close to 8, which can resist certain statistical attacks.In addition, the entropy value of the carrier image and its corresponding visual security ciphertext image are very close, indicating that the randomness of the carrier image is also well preserved.
Table 12 presents the comparison results of information entropy between our algorithm and other literature 13,37,38 for plaintext "cameraman" image.From Table 12, it can be seen that compared with other literature 13,37,38 , the information entropy of the intermediate ciphertext image obtained using our algorithm is

Robustness analysis of noise attack
During network transmission, ciphertext images may be contaminated by different types of noise.These noises make it more difficult to recover plaintext images from ciphertext images, so image encryption algorithms with noise resistance are more suitable for practical applications.Therefore, we add various types of noise to visually secure ciphertext images and evaluate the ability of the proposed algorithm based on the quality of the images decrypted from the ciphertext images with various types of noise added.In this article, pepper and salt noise (SPN), Gaussian noise (GN), and speckle noise (SN) were added to the ciphertext images in Fig. 5d respectively.The other parameter settings are the same as in Sect.4.1, and the noise intensity level and experimental results are shown in the following Figs.13, 14 and 15.
In Fig. 13a-d are visual safety images with added intensities of 0.000005%, 0.000007%, 0.000009%, and 0.00001% salt and pepper noise (SPN), respectively; e-h are the decrypted images corresponding to a-d.
Usually, PSNR is used to determine the quality of decrypted images.A larger PSNR value indicates a smaller difference between the two images, resulting in higher reconstruction accuracy.
Calculate the PSNR between plaintext images and decrypted images under different intensities of noise to quantitatively evaluate the algorithm's resistance to noise, and the results are shown in Table 13.
From Figs. 13, 14 and 15 and Table 13, it can be seen that: (1) the decryption results of ciphertext images with adding different types of noise have little visual difference.( 2) With the increase of noise intensity, the quality of the corresponding decryption results also decreases in visual quality, but there is not much difference from the original plaintext image visually.

Time complexity analysis
Time cost is an important indicator for evaluating encryption algorithms.Table 14 presents the time cost test results for encrypting grayscale images of different sizes with a compression ratio of CR = 0.5.
The time cost of the encryption process mainly includes: generation of carrier image feature codes, generation of chaotic sequences, generation of Gaussian measurement matrices, compression measurement of plaintext images, and scrambling operations in spatial and frequency domains.The time cost of decryption process mainly includes: generation of ciphertext image feature codes, generation of chaotic sequences, generation of Gaussian measurement matrices, reconstruction of planar images, and scrambling operations in spatial and frequency domains.During the decryption process, image reconstruction in compressive sensing takes up most of the time.The compression, encryption times and decryption, reconstruction times for different images are all listed in Table 14 separately.From Table 14, we can watch that firstly, for the total compression, encryption and decryption times are very little, but in decryption process, the reconstruction process costs around 99% of the total time; secondly, when the image sizes vary from 256 × 256 to 1024 × 1024, the encryption time is from 0.4191 s to 0.8916 s, but the decryption time is from 5.8835 s to 95.6098 s.Thus, the size of the image is larger, the time complexity is very higher.In the following work, we plan to adopt compressed sensing based on semi tensor product to shorten the reconstruction time.

Analysis of chosen-plaintext attack
The chosen-Plaintext Attack and the chosen-ciphertext attack are two effective and widely adopted security attack methods in cryptanalysis 39,40 .The former assumes that the attacker has the opportunity to temporarily gain access to the encryption machine, so he/she can choose some special plaintext and obtain the corresponding ciphertext; The latter assumes that the attacker has the opportunity to temporarily gain access to the decryption machine, so he/she can choose some special ciphertext and obtain the corresponding plaintext; Then, equivalent intermediate keys can be derived from these plaintext-ciphertext pairs.Many successful cryptographic analysis cases have adopted the chosen plaintext (ciphertext) attack method.Obviously, attackers can easily extract the intermediate ciphertext image from the ciphertext image, but they cannot crack the key streams and measurement matrices by using the method of chosen-plaintext attacks.This is mainly because the generations of the key streams and measurement matrices are related to the feature codes of the carrier image, and different carrier images have different feature codes, resulting in different generated key streams and measurement matrices.So the algorithm can resist the chosen -plaintext attack.

Conclusion
In this article, a four dimensional discrete hyperchaotic system based on Marotto's theorem is constructed and a visual secure image encryption algorithm is proposed.The algorithm consists of two stages: In the first stage, the plaintext image is compressed and encrypted into an intermediate ciphertext image; In the second stage, the intermediate ciphertext image is embeded into the high-frequency part of the integer wavelet transform domain of the carrier image, and then performs the inverse transformation of the integer wavelet transform to obtain the corresponding visual security ciphertext image.The proposed algorithm has high security due to the fact that both the generation of the key stream and the generation of the measurement matrix are related to the feature codes of the carrier image and the fact that a multi key dynamic selection mechanism is adopted in the compression encryption stage.The experimental results and security analysis indicate that the encryption scheme has a large key space, high key sensitivity, similar histogram distribution between the carrier image and the ciphertext image.
This algorithm can resist minor noise pollution attacks, but cannot resist more severe noise pollution attacks and pruning attacks, mainly because if the noise intensity is high, the extracted feature codes from the ciphertext image may not be consistent with the feature codes from the original carrier image, resulting in poor decryption performance.Extracting carrier image feature codes as part of the encryption key can achieve one-time pad encryption effect and overcome the difficulty of key management, which is an innovative point of the paper.Next, we will continue to explore how to extract better feature codes to resist attacks from high-intensity noise pollution.

Ethical approval and informed consent
The author declares that the images used in this article are copyrightless test images that have been authorized for publication in academic research publications.These images have been widely used in a large number of previously published academic papers without the informed consent of the image owner.
Number these small block images in order of I 1, I 2 , …, I L from left to right, and from top to bottom.For each block I k (k = 1, 2, … L), take its sub block I k1 with size n × n in the upper left corner and sub block I k2 with size n × n in the lower right corner, as shown in Fig. 3.

Figure 4 .
Figure 4.The integer wavelet transform (IWT) of image A.

Figure 5 .
Figure 5.The overall flowchart of the proposed encryption algorithm.

Figure 7 .
Figure 7.The encryption and decryption results.(a) The Carrier image.(b) The plaintext image.(c) The intermediate ciphertext.(d) The ciphertext image.(e) The decrypted image.(f) The histogram of (a).(g) The histogram of (d).

Figure 9 .
Figure 9.The decrypted images by using the error keys.(a) The decrypted image by Keys1.(b) The decrypted image by Keys2.(c) The decrypted image by Keys3.(d) The decrypted image by Keys4.(e) The decrypted image by Keys5.(f) The decrypted image by Keys6.

Figure 10 .
Figure 10.The correlation distribution of the plaintext image.(a) The horizontal direction.(b) The vertical direction.(c) The diagonal direction.

Figure 11 .Figure 12 .
Figure 11.Correlation distribution map of the intermediate ciphertext image.(a) The horizontal direction.(b) The vertical direction.(c) The diagonal direction.

Table 1 .
Key stream table.

Table 2 .
NISTSP800 -22 StandardTest for random sequence generated by the chaotic map.

Table 3 .
Comparison of PNSR between this algorithm and other algorithms.

Table 4 .
Feature codes of different carrier images and corresponding ciphertext images.

Table 5 .
The feature codes of ciphertext images attacked by varying degrees of salt and pepper noise.

Table 6 .
The feature codes of ciphertext images attacked by varying degrees of Gaussian noise.

Table 7 .
The feature codes of ciphertext images attacked by varying degrees of speckle noise.

Table 8 .
The error keys used in decryption.

Table 9 .
Calculation results of correlation coefficient.

Table 10 .
Comparison results of image correlation coefficients for different algorithms.

Table 11 .
Information entropy of the ciphertext images.

Table 12 .
Comparison of information entropy of ciphertext obtained using different algorithms.closer to the expected value of 8. Therefore, our algorithm is safe and reliable, and the possibility of information leakage is very small.

Table 13 .
PSNR with different noise intensities.

Table 14 .
Encryption and decryption time for different images (time unit: s).